this post was submitted on 16 Aug 2023
86 points (90.6% liked)
Technology
59607 readers
3533 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Pushing traffic to https isn’t the worst thing. My ask would be to have a toggle to disable due to local development or server deployments where http/port 80 is the only choice.
It does specifically say "defaulting to https:// if the site supports it", so I think specifying http will still work if the site doesn't actually support https.
Got a message back from Https, let's switch!
The message:
"Internal nginx routing error."
No testing a server side http-to-https upgrade/redirect without reconfiguring your browser. This seems like an unnecessary and bad idea.
This could be easily done better by promoting such server-side configurations as a default.
I mean, why should the browser attempt to correct inappropriately configured servers? Shouldn't they rather be making PRs to NGINX/Apache/CAs or whatever?
Also: can't this be exploited to spoof an unavailable HTTPS and coerce an unencrypted connection?